Re: [PATCH v20] GSSAPI encryption support

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> There must be something about the x86_64 ABI that allows this to
>> accidentally work -- maybe integers are presumed to be sign-extended
>> to 64 bits by callee not caller? I added some logging and verified
>> that pgstat.c is seeing the correct string value, so it's working
>> somehow.

> Huh, I'm not sure. That's certainly interesting though.

Oh, no, it's simpler than that: the pointer values that
be_gssapi_get_princ() is returning just happen to be less than 2^31
on my system. I'd dismissed that as being unlikely, but it's the truth.

> So I'm a bit surprised that it's taking 4 minutes for you. I wonder if
> there might be an issue related to the KDC wanting to get some amount of
> random data and the system you're on isn't producing random bytes very
> fast..?

Not sure. This is my usual development box and it also does mail, DNS,
etc for my household, so I'd expect it to have plenty of entropy.
But it's running a pretty old kernel, and old Kerberos too, so maybe
the explanation is in there somewhere.

regards, tom lane